What is SOC2?
Originally established by the American Institute of Certified Public Accountants (AICPA), Service Organization Control (SOC) defines how organizations handle sensitive data through a set of standards to create, maintain and prove the way a vendor manages data either on premises or in the cloud.
How is SOC2 Certification Achieved?
The SOC2 certification requires the vendor to undergo an independent audit by a qualified, independent auditor. The auditor then certifies that the vendor meets all applicable requirements in one or more of the following trust principles:
Security
Availability
Processing Integrity
Confidentiality
Privacy
How do Custodia’s customers benefit from our SOC2 compliance?
It comes down to trust. Our customers operate in regulated industries where they trust that their data is secure and being handled in the most responsible manner is arguably the most important factor in who they choose to do business with.
Custodia being SOC2 compliant provides assurance to our customers that their data is safe. This is especially important for regulated industries like financial services, energy and health care which are subject to strict regulatory requirements and must adhere to the very highest standards of data security.
How does Custodia fit the standards of SOC2?
Custodia has undergone a SOC2 Type I audit and received a favourable report from independent auditors confirming that our systems and controls meet all of the SOC2 standards.
Custodia's SOC2 report covers areas such as infrastructure security, data encryption, access controls, incident management, incident response, and business continuity.
This report helps customers understand the measures Custodia takes to ensure the security and integrity of their data and gives them confidence in the reliability and quality of our services, demonstrating that Custodia has implemented policies and procedures to protect the confidentiality, integrity, and availability of customer data and the systems that support our services.
How will Custodia maintain SOC2 compliance over time, and what’s next for security at Custodia?
Maintaining SOC2 compliance is an ongoing process, and Custodia is committed to ensuring that it continues to meet the standards over time. To maintain SOC2 compliance Custodia has begun the SOC2 Type II observation period, which ensures that the standards are continuously adhered to for a rolling one-year time frame.
In addition to maintaining SOC2 compliance, Custodia is committed to staying ahead of evolving security threats and industry standards. To this end, Custodia will continue to invest in its security program and evaluate new technologies and best practices as they emerge. This includes working closely with its customers and industry partners to understand their needs and requirements, and to ensure that Custodia's security program meets the highest standards of data security and privacy.